Alert processing based on attack graph and multi-source analyzing
Current attack graph-based alert correlation cannot deal properly with the graph relation between alerts, and a large number of redundant attack paths may arise when trying to find missing alerts and predict future attacks. A multi-source alert analyzing method was proposed that fully utilizes graph relation and a threshold to correlate mapped alerts, eventually reducing the false positive rate as well as the true negative rate. To improve the speed of the algorithm, a parallel alert processing system (AG-PAP) was proposed. AG-PAP is tested in a distributed environment and achieves satisfactory effectiveness and performance.
| Field | Value |
|---|---|
| Main Authors | Wei-xin LIU, Kang-feng ZHENG, Bin WU, Yi-xian YANG |
| Format | Article |
| Language | zho (Chinese) |
| Published | Editorial Department of Journal on Communications, 2015-09-01 |
| Series | Tongxin xuebao |
| Subjects | alert correlation; attack graph; multi-source analyzing; parallel processing |
| Online Access | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015193/ |
Record details

| Field | Value |
|---|---|
| Record ID | doaj-art-c08781aa37994ebd81eaeb88359e80ec |
| Collection | DOAJ |
| Institution | Kabale University |
| ISSN | 1000-436X |
| Keywords | alert correlation; attack graph; multi-source analyzing; parallel processing |